Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
10.0(EOL), 10.1(EOL)
-
None
Description
Reproducible on a debug build with Valgrind support (-DCMAKE_BUILD_TYPE=Debug -DWITH_VALGRIND=YES) using the statements below; the Valgrind report follows them.
-- Repro table: one DATE column (f1) and one single-character string column (f2).
CREATE TABLE t1 (f1 DATE, f2 VARCHAR(1));
|
-- Two rows with different dates and the same f2 value, so the aggregate below
-- has more than one row to compare and sort.
INSERT INTO t1 VALUES ('2003-04-27','a'),('1900-01-01','a');
|
-- Statement reported to produce the Valgrind errors listed on this page.
-- GROUP_CONCAT receives three arguments (f2, an IF() that mixes the DATE column
-- f1 with the string column f2, and f1 itself) and an ORDER BY written as the
-- integer literals 2,1,3 (presumably positional references to those arguments;
-- confirm against the server documentation).
-- The first trace is an invalid 4-byte read in Field_newdate::cmp, reached from
-- group_concat_key_cmp_with_order during tree_insert, at offset 77 of an
-- 80-byte block allocated by tree_insert: the read ends one byte past the block.
-- A later trace reaches Field_newdate::val_str via dump_leaf_key when the
-- result is sent, again at offset 77 of an 80-byte tree_insert allocation.
-- Keep the statement text exactly as written when re-testing; the report
-- depends on this argument list and ORDER BY.
SELECT GROUP_CONCAT(f2, IF(f1, f2, f1), f1 ORDER BY 2,1,3) FROM t1;
|
==6374== Invalid read of size 4
|
==6374== at 0x83F4FC: Field_newdate::cmp(unsigned char const*, unsigned char const*) (field.cc:5940)
|
==6374== by 0x911CA1: group_concat_key_cmp_with_order (item_sum.cc:3069)
|
==6374== by 0xE47BD4: tree_insert (tree.c:211)
|
==6374== by 0x912CD0: Item_func_group_concat::add() (item_sum.cc:3404)
|
==6374== by 0x9142CA: Aggregator_simple::add() (item_sum.h:670)
|
==6374== by 0x6E0C82: Item_sum::aggregator_add() (item_sum.h:519)
|
==6374== by 0x6D8301: update_sum_func(Item_sum**) (sql_select.cc:22612)
|
==6374== by 0x6CFBB9: end_send_group(JOIN*, st_join_table*, bool) (sql_select.cc:19140)
|
==6374== by 0x6CCFB6: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:18050)
|
==6374== by 0x6CCA6C: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:17867)
|
==6374== by 0x6CC14C: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:17490)
|
==6374== by 0x6A9311: JOIN::exec_inner() (sql_select.cc:3084)
|
==6374== by 0x6A6709: JOIN::exec() (sql_select.cc:2373)
|
==6374== by 0x6A9B92: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3308)
|
==6374== by 0x69FE08: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:373)
|
==6374== by 0x674727: execute_sqlcom_select(THD*, TABLE_LIST*) (sql_parse.cc:5304)
|
==6374== Address 0xd3927bd is 77 bytes inside a block of size 80 alloc'd
|
==6374== at 0x4C291E0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==6374== by 0xE3B66E: my_malloc (my_malloc.c:100)
|
==6374== by 0xE2FC50: alloc_root (my_alloc.c:180)
|
==6374== by 0xE47D42: tree_insert (tree.c:244)
|
==6374== by 0x912CD0: Item_func_group_concat::add() (item_sum.cc:3404)
|
==6374== by 0x9142CA: Aggregator_simple::add() (item_sum.h:670)
|
==6374== by 0x6E0C82: Item_sum::aggregator_add() (item_sum.h:519)
|
==6374== by 0x6E0B6D: Item_sum::reset_and_add() (item_sum.h:417)
|
==6374== by 0x6D8299: init_sum_functions(Item_sum**, Item_sum**) (sql_select.cc:22594)
|
==6374== by 0x6CFB3C: end_send_group(JOIN*, st_join_table*, bool) (sql_select.cc:19133)
|
==6374== by 0x6CCFB6: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:18050)
|
==6374== by 0x6CC8D8: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:17828)
|
==6374== by 0x6CC14C: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:17490)
|
==6374== by 0x6A9311: JOIN::exec_inner() (sql_select.cc:3084)
|
==6374== by 0x6A6709: JOIN::exec() (sql_select.cc:2373)
|
==6374== by 0x6A9B92: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3308)
|
==6374== at 0x83F1C1: Field_newdate::val_str(String*, String*) (field.cc:5897)
|
==6374== by 0x5C6DF2: Field::val_str(String*) (field.h:417)
|
==6374== by 0x913E10: Field::val_str(String*, unsigned char const*) (field.h:832)
|
==6374== by 0x911F1A: dump_leaf_key (item_sum.cc:3128)
|
==6374== by 0xE48A93: tree_walk_left_root_right (tree.c:552)
|
==6374== by 0xE48A44: tree_walk_left_root_right (tree.c:551)
|
==6374== by 0xE489DB: tree_walk (tree.c:539)
|
==6374== by 0x913A4F: Item_func_group_concat::val_str(String*) (item_sum.cc:3640)
|
==6374== by 0x87DEB4: Item::send(Protocol*, String*) (item.cc:6508)
|
==6374== by 0x5C489B: Protocol::send_result_set_row(List<Item>*) (protocol.cc:903)
|
==6374== by 0x632F9A: select_send::send_data(List<Item>&) (sql_class.cc:2556)
|
==6374== by 0x6CF93E: end_send_group(JOIN*, st_join_table*, bool) (sql_select.cc:19077)
|
==6374== by 0x6CC6A7: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:17782)
|
==6374== by 0x6CC199: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:17493)
|
==6374== by 0x6A9311: JOIN::exec_inner() (sql_select.cc:3084)
|
==6374== by 0x6A6709: JOIN::exec() (sql_select.cc:2373)
|
==6374== Address 0xd39284d is 77 bytes inside a block of size 80 alloc'd
|
==6374== at 0x4C291E0: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
|
==6374== by 0xE3B66E: my_malloc (my_malloc.c:100)
|
==6374== by 0xE2FC50: alloc_root (my_alloc.c:180)
|
==6374== by 0xE47D42: tree_insert (tree.c:244)
|
==6374== by 0x912CD0: Item_func_group_concat::add() (item_sum.cc:3404)
|
==6374== by 0x9142CA: Aggregator_simple::add() (item_sum.h:670)
|
==6374== by 0x6E0C82: Item_sum::aggregator_add() (item_sum.h:519)
|
==6374== by 0x6D8301: update_sum_func(Item_sum**) (sql_select.cc:22612)
|
==6374== by 0x6CFBB9: end_send_group(JOIN*, st_join_table*, bool) (sql_select.cc:19140)
|
==6374== by 0x6CCFB6: evaluate_join_record(JOIN*, st_join_table*, int) (sql_select.cc:18050)
|
==6374== by 0x6CCA6C: sub_select(JOIN*, st_join_table*, bool) (sql_select.cc:17867)
|
==6374== by 0x6CC14C: do_select(JOIN*, List<Item>*, TABLE*, Procedure*) (sql_select.cc:17490)
|
==6374== by 0x6A9311: JOIN::exec_inner() (sql_select.cc:3084)
|
==6374== by 0x6A6709: JOIN::exec() (sql_select.cc:2373)
|
==6374== by 0x6A9B92: mysql_select(THD*, Item***, TABLE_LIST*, unsigned int, List<Item>&, Item*, unsigned int, st_order*, st_order*, Item*, st_order*, unsigned long long, select_result*, st_select_lex_unit*, st_select_lex*) (sql_select.cc:3308)
|
==6374== by 0x69FE08: handle_select(THD*, LEX*, select_result*, unsigned long) (sql_select.cc:373)
|